German government press release on Wassenaar

Press release from the Ministry of Economy http://www.bmwi.de/presse/1998/1208prm2.html, my translation:
Export control for encryption technology loosened
No "key recovery" for cryptographic products
At their plenary meeting on December 2nd and 3rd 1998 the 33 treaty states of the Wassenaar Arrangement have decided to revise the export control for encryption technologies (cryptographic products). Export control has been loosened, and the embodiment of crypto restrictions has been hindered. Thus there will be no export ban for encryption products in the future.
The previously comprehensive control characterized by a large number of sectoral exceptions has been replaced by a positively formulated list text. In future all kinds of products - hardware and software are treated in the same way - are only subject to export control starting at a key length of 56 bits. Mass market products that fulfill certain requirements are subject to export control only up from a key length of 64 bits. For the present the restriction to 64 bits is valid for two years, it must then be renewed unanimously or it will be cancelled.
In addition, methods such as digital signatures and authentication as well as certain product groups such as wireless phones and pay TV devices are completely exempted from export control. The regulation concerning freely available products (public domain) has remained unchanged.
Certain states that had initially demanded special treatment for "key recovery" products have been unsuccessful. Thus the export of encryption technology will remain possible without depositing keys with government agencies.
----------------------------------------------------------------------
From an AP news report, my translation [The Green Party is part of the new German government, but the Ministry of Economy is led by the Social Democrats]:
Green Party member of parliament Hans-Christian Ströbele criticized that the government gave in to US pressure for stronger control on encryption. The agreement would affect the obvious need of computer users to protect their business and private communication from unauthorized access. Also the business opportunities of German producers of powerful encryption software would be reduced in a serious way. Thus when implementing the agreement in national law, negative effects must be limited as much as possible.

At 12:04 AM -0500 on 12/9/98, Ulf Möller wrote:
Press release from the Ministry of Economy http://www.bmwi.de/presse/1998/1208prm2.html, my translation:
Export control for encryption technology loosened
War is Peace, Freedom is Slavery? :-).
-----------------
Robert A. Hettinga <mailto: rah@philodox.com>
Philodox Financial Technology Evangelism <http://www.philodox.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

Press release from the Ministry of Economy
Export control for encryption technology loosened
War is Peace, Freedom is Slavery?
My first reaction was something along that line. However there are two important points to note:
1.) Officials point out that "export control" does not mean "export restriction". There are forms of "export control" (such as the requirement to notify the Export Office of your exports) that do not hinder the export of crypto software in any significant way. So it remains to be seen how Germany and other countries will implement the new rules.
2.) The government has acknowledged that public domain software remains unrestricted. This also applies to copyrighted software such as PGP which "has been made available without restrictions upon its further dissemination".

On Wed, Dec 09, 1998 at 08:04:00PM +0100, Ulf Möller wrote:
2.) The government has acknowledged that public domain software remains unrestricted. This also applies to copyrighted software such as PGP which "has been made available without restrictions upon its further dissemination".
I applied for an examination of the Open Source definition to the department for foreign affairs in Norway. The response (no surprise) was that Open Source is compliant with what the Wassenaar-agreement calls "public domain" software.
astor
--
Alexander Kjeldaas, Guardian Networks AS, Trondheim, Norway
http://www.guardian.no/

Alexander Kjeldaas wrote:
On Wed, Dec 09, 1998 at 08:04:00PM +0100, Ulf Möller wrote:
2.) The government has acknowledged that public domain software remains unrestricted. This also applies to copyrighted software such as PGP which "has been made available without restrictions upon its further dissemination".
I applied for an examination of the Open Source definition to the department for foreign affairs in Norway. The response (no surprise) was that Open Source is compliant with what the Wassenaar-agreement calls "public domain" software.
I posed a question in this direction in sci.crypt in the thread '(fwd) Strike to protest Wassenaar!' to which Doug Stell gave a follow-up on 11 Dec 14:19:24 which is attached below.
M. K. Shen
____________________________________________________
On Fri, 11 Dec 1998 11:50:12 +0100, Mok-Kong Shen <mok-kong.shen@stud.uni-muenchen.de> wrote:
2. "In the public domain".
This is indeed very interesting. If someone implements a strong crypto algorithm with 128 key bits and places it on an ftp-server for free download, then that is by definition in the 'public domain' and hence according to the above not subject to export regulations. Could someone explain this paradox?
a. "Public domain" is defined in the document you refer to, by the indentations under Item 1.
b1. 128-bit software is never exempt.
b2. 64-bit software is exempt if you meet ALL of the other criteria.
b3. The limit of exemption is 56 bits, if you do not meet all of the other criteria.
See my other response where this is explained from Category 5 - Part 2. Unfortunately, one key statement is missing from the General Software Note and it contains the magic word "ALL."
doug

On Mon, Dec 14, 1998 at 08:46:49AM +0100, Mok-Kong Shen wrote:
a. "Public domain" is defined in the document you refer to, by the indentations under Item 1.
b1. 128-bit software is never exempt.
b2. 64-bit software is exempt if you meet ALL of the other criteria.
b3. The limit of exemption is 56 bits, if you do not meet all of the other criteria.
See my other response where this is explained from Category 5 - Part 2. Unfortunately, one key statement is missing from the General Software Note and it contains the magic word "ALL."
I haven't heard anything about there not being any exemption on 128-bit crypto. To my knowledge there is a general exemption on all Open Source software, regardless of the key length. However, I will check into this.
astor
--
Alexander Kjeldaas, Guardian Networks AS, Trondheim, Norway
http://www.guardian.no/

Alexander Kjeldaas wrote:
On Mon, Dec 14, 1998 at 08:46:49AM +0100, Mok-Kong Shen wrote:
a. "Public domain" is defined in the document you refer to, by the indentations under Item 1.
b1. 128-bit software is never exempt.
b2. 64-bit software is exempt if you meet ALL of the other criteria.
b3. The limit of exemption is 56 bits, if you do not meet all of the other criteria.
See my other response where this is explained from Category 5 - Part 2. Unfortunately, one key statement is missing from the General Software Note and it contains the magic word "ALL."
I haven't heard anything about there not being any exemption on 128-bit crypto. To my knowledge there is a general exemption on all Open Source software, regardless of the key length. However, I will check into this.
I think that without looking at any official texts this is very clear from the motivation of the Wassenaar effort: They don't want strong crypto ever to be used by common people. So they can't allow 128-bit crypto for free export in any case. Quite misleading, at least in my opinion, is their use of the word 'public domain' software, which most people understand to be software which anyone can download free of charge.
BTW, does anyone have an idea of how long it would take before the clauses of Wassenaar become effective in the countries concerned? It can't be instantly effective, can it? (Laws have to be officially published.)
M. K. Shen

On Mon, Dec 14, 1998 at 12:05:10PM +0100, Mok-Kong Shen wrote:
BTW, does anyone have an idea of how long it would take before the clauses of Wassenaar become effective in the countries concerned? It can't be instantly effective, can it? (Laws have to be officially published.)
No laws have to be changed. This is just a "small" change to an existing law.
astor
--
Alexander Kjeldaas, Guardian Networks AS, Trondheim, Norway
http://www.guardian.no/
participants (4): Alexander Kjeldaas, Mok-Kong Shen, Robert Hettinga, ulf@fitug.de